Kun Huang wrote:
> Thanks, Thierry Carrez. Your explanation is easy to understand. I have
> got why we need such a mechanism.
>
> BTW, is root-wrap a general or popular way to keep security? I have no
> experience on security, but I have heard the /root /should be banned
> because of security. Ide
Thanks, Thierry Carrez. Your explanation is easy to understand. I have got
why we need such a mechanism.
BTW, is root-wrap a general or popular way to keep security? I have no
experience on security, but I have heard the *root *should be banned
because of security. Ideally, should we ban *root *in
Daniel P. Berrange wrote:
> FWIW, if you've got libguestfs available, the file injection code does
> not require any rootwrap usage. Ironically the config drive stuff now
> does require root if you configure it to use FAT instead of ISO9660 :-(
My issue is that we enable a very permissive compute.
On Fri, Jan 11, 2013 at 11:32:08AM +0100, Thierry Carrez wrote:
> Kun Huang wrote:
> > In this wiki, http://wiki.openstack.org/Nova/Rootwrap, the part of
> > "security model" results in "This chain ensures that the nova user
> > itself is not in control of the configuration or modules used by the
>
Kun Huang wrote:
> In this wiki, http://wiki.openstack.org/Nova/Rootwrap, the part of
> "security model" results in "This chain ensures that the nova user
> itself is not in control of the configuration or modules used by the
> nova-rootwrap executable". I understand that chain but I`m confused wit
Hi, all:
In this wiki, http://wiki.openstack.org/Nova/Rootwrap, the part of
"security model" results in "This chain ensures that the nova user itself
is not in control of the configuration or modules used by the nova-rootwrap
executable". I understand that chain but I`m confused with this conclusi
6 matches
Mail list logo
